ENS Troubleshooting - If you use MEW and forgot your three word secret (and are getting a Bad Instruction error)

Recently I was trying to reveal one of my bids and realized that somehow I failed to copy down my three word secret from myetherwallet, probably because the Status ICO was forcing me to re-attempt bids and I lost track of this one.

At any rate, my specific situation was that I was using myetherwallet, I knew how much I bid and my account, and I just needed the three word secret.

The domain being bid on, the account, the amount, and the three word secret are all used to produce an output that is stored on the blockchain in order to verify the bid when it's later revealed.

So what I did was write a python script to brute force through all of the possible three word combinations in order to find what I needed. You can find the code for that here.

I'm posting this in case anyone else is finding themselves in the same situation, this might help prevent loss of your bid amount.

What you need to know is the account you bid from and the amount, this will not work without that information. If you have that then go to section 1 of this troubleshooting page and follow the instructions in order to get the "New Bid Data" string which is the combination of the "MethodId:" and "[0]:" from your bid transaction.

Once you have that all you need to do is replace the information that the four variables at the top of the python script are currently set to. The variable names correspond with the fields under the ENS Debugger on the MEW Helpers Page.

Putting in the address you bid from, ENS name you bid on, amount you bid, and your three word secret into that page will display the "New Bid Data" output that needs to match what you get from your bid transaction. The python script will run through all the possible three word combinations until it finds the New Bid Data output that matches what's on your bid transaction (which you put into the python script). Once the script has finished you can test the result by filling out the MEW Helpers Page.

Some assumptions I made: (1) MEW generates the three words from the same mnemonic list of 2048 terms that Trezor uses, and (2) the three word secret won't use repeat words.

If you use it be aware that it can take 8 - 10 hours or so to run through the entire thing because there are billions of possible combinations.

Also, be aware that I'm not a professional programmer, not even close, I'm sure this code is awful in many ways, but all I know is that it worked for me. I cannot guarantee that it will work for you however so proceed at your own risk.

In order to run it you'll need to have python installed, specifically version 3.4.

You'll also need hashlib, if you are using Windows then you can get it by running this in a command prompt:

pip install hashlib

In addition you'll need pysha3:

pip install pysha3

The reason for pysha3 is that it has the specific Keccak-256 algorithm that Ethereum uses which is different from the SHA-3/Keccak algorithm that comes with hashlib on python >= 3.6.

Hope that helps!

EDIT: I noticed a small issue and fixed the script/entered it into a new pastebin. The word "true" on the mnemonic list was put in as "TRUE" on the script because I manipulated the list in Excel to get the quotes and commas before pasting, and Excel automatically converts the word "true" to all caps. I'm pretty sure that would change the output of the hash function and prevent the script from finding the three word secret if it happened to contain the word "true." It's been fixed.

EDIT 2: One thing to note for anyone who also doesn't remember what they bid -- if you at least know which account it was and can narrow it down to which transaction it was for the bid then you can see the exact amount you bid -- at least assuming you didn't use the bid mask feature.

wordlist

When deciding what phrases to use, three was the number partially because if someone did forget their words and they had XXXX ETH on the line, it would be doable in a day. But, for someone trying to figure out what someone bid, it would be quite a bit of effort with high risk of failure do to other variables.

Problem is, people tend to mix things up, lose everything, rather than forget a single item. :(

Very happy to hear that you took the initiative and it worked out for you. Balance between ease of use, security, and having fallbacks/solutions if things go wrong is a decision we struggle with every day and with the rapidly shifting user-demo over last few months, something we are actively looking to improve moving forward.